matroska CVE Vulnerabilities & Metrics

Focus on matroska vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About matroska Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with matroska. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total matroska CVEs: 15
Earliest CVE date: 29 Jan 2016, 19:59 UTC
Latest CVE date: 12 Jan 2024, 02:15 UTC

Latest CVE reference: CVE-2023-52339

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical matroska CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.39

Max CVSS: 9.3

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range Count
0.0-3.9 1
4.0-6.9 13
7.0-8.9 0
9.0-10.0 1

CVSS Distribution Chart

Top 5 Highest CVSS matroska CVEs

These are the five CVEs with the highest CVSS scores for matroska, sorted by severity first, then by recency.

All CVEs for matroska

CVE-2023-52339 matroska vulnerability CVSS: 0 12 Jan 2024, 02:15 UTC

In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.

CVE-2021-3405 matroska vulnerability CVSS: 4.3 23 Feb 2021, 20:15 UTC

A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml.

CVE-2017-12803 matroska vulnerability CVSS: 4.3 10 Nov 2017, 02:29 UTC

The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

CVE-2017-12802 matroska vulnerability CVSS: 4.3 10 Nov 2017, 02:29 UTC

The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

CVE-2017-12801 matroska vulnerability CVSS: 4.3 10 Nov 2017, 02:29 UTC

The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

CVE-2017-12800 matroska vulnerability CVSS: 4.3 10 Nov 2017, 02:29 UTC

The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.

CVE-2017-12783 matroska vulnerability CVSS: 4.3 10 Nov 2017, 02:29 UTC

The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

CVE-2017-12782 matroska vulnerability CVSS: 4.3 10 Nov 2017, 02:29 UTC

The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

CVE-2017-12781 matroska vulnerability CVSS: 4.3 10 Nov 2017, 02:29 UTC

The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.

CVE-2017-12780 matroska vulnerability CVSS: 4.3 10 Nov 2017, 02:29 UTC

The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.

CVE-2017-12779 matroska vulnerability CVSS: 4.3 10 Nov 2017, 02:29 UTC

The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.

CVE-2015-8792 matroska vulnerability CVSS: 5.0 29 Jan 2016, 19:59 UTC

The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.

CVE-2015-8791 matroska vulnerability CVSS: 4.3 29 Jan 2016, 19:59 UTC

The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.

CVE-2015-8790 matroska vulnerability CVSS: 4.3 29 Jan 2016, 19:59 UTC

The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.

CVE-2015-8789 matroska vulnerability CVSS: 9.3 29 Jan 2016, 19:59 UTC

Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document.